package com.lehecai.ucenter.action.server;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletResponse;

import net.sf.json.JSONObject;

import org.apache.commons.lang.StringUtils;
import org.apache.struts2.ServletActionContext;

import com.lehecai.core.service.memcached.MemcachedService;
import com.lehecai.ucenter.action.BaseAction;
import com.lehecai.ucenter.client.AppResponse;
import com.lehecai.ucenter.entity.app.App;
import com.lehecai.ucenter.entity.permission.User;
import com.lehecai.ucenter.service.app.AppService;
import com.lehecai.ucenter.service.permission.UserService;
import com.lehecai.ucenter.utils.AuthorizeSignUtils;
import com.lehecai.ucenter.utils.MemcachedTicket;

public class VerifyAction extends BaseAction {
	
	private static final long serialVersionUID = -8634484692576627642L;
	
	private UserService userService;
	private AppService appService;
	private MemcachedService memcachedService;
	
	private String token;
	private String random;
	private String sign;
	private String uid;
	private String ticket;
	
	public String handle() {
		HttpServletResponse response = ServletActionContext.getResponse();
		JSONObject obj = new JSONObject();
		if (StringUtils.isEmpty(uid) || StringUtils.isEmpty(random) || StringUtils.isEmpty(sign) || StringUtils.isEmpty(ticket)) {
			logger.error("验证授权安全性参数不全！");
			obj.put("code", AppResponse.APP_CODE_FAILURE);
			obj.put("message", "验证授权安全性参数不全！");
			super.writeRs(response, obj);
			return null;
		}
		App app = appService.findByToken(token);
		if (app == null) {
			logger.error("您所访问系统未经过用户中心授权！");
			obj.put("code", AppResponse.APP_CODE_FAILURE);
			obj.put("message", "您所访问系统未经过用户中心授权！");
			super.writeRs(response, obj);
			return null;
		}
		Map<String, String> params = new HashMap<String, String>();
		params.put("token", token);
		params.put("uid", uid);
		params.put("ticket", ticket);
		params.put("random", random);
		if (!AuthorizeSignUtils.generateAuthorizeSign(params, app.getSecret()).equals(sign)) {
			logger.error("验证授权安全性签名错误！");
			obj.put("code", AppResponse.APP_CODE_FAILURE);
			obj.put("message", "验证授权安全性签名错误！");
			super.writeRs(response, obj);
			return null;
		}
		
		MemcachedTicket memcachedTicket = null;
		try {
			memcachedTicket = (MemcachedTicket) memcachedService.get(ticket);
		} catch (Exception e) {
			logger.error(e.getMessage(), e);
		}
		if (memcachedTicket == null) {
			logger.error("验证授权安全性未找到对应ticket信息！");
			obj.put("code", AppResponse.APP_CODE_FAILURE);
			obj.put("message", "验证授权安全性未找到对应ticket信息！");
			super.writeRs(response, obj);
			return null;
		}
		if (!memcachedTicket.getUid().equals(uid)) {
			logger.error("验证授权安全性对应ticket的用户信息不匹配！");
			obj.put("code", AppResponse.APP_CODE_FAILURE);
			obj.put("message", "验证授权安全性对应ticket的用户信息不匹配！");
			super.writeRs(response, obj);
			return null;
		}
		try {
			memcachedService.delete(ticket);
		} catch (Exception e) {
			logger.error(e.getMessage(), e);
		}
		User user = userService.get(Long.valueOf(uid));
		if (user == null) {
			logger.error("授权已通过，未找到uid={}对应的用户信息！", uid);
			obj.put("code", AppResponse.APP_CODE_FAILURE);
			obj.put("message", "授权已通过，未找到uid=" + uid + "对应的用户信息！");
			super.writeRs(response, obj);
			return null;
		}
		obj.put("code", AppResponse.APP_CODE_SUCCESS);
		obj.put("message", "登录成功！");
		obj.put("data", User.convertFromObject(user));
		super.writeRs(response, obj);
		return null;
	}

	public UserService getUserService() {
		return userService;
	}

	public void setUserService(UserService userService) {
		this.userService = userService;
	}

	public AppService getAppService() {
		return appService;
	}

	public void setAppService(AppService appService) {
		this.appService = appService;
	}

	public MemcachedService getMemcachedService() {
		return memcachedService;
	}

	public void setMemcachedService(MemcachedService memcachedService) {
		this.memcachedService = memcachedService;
	}

	public String getToken() {
		return token;
	}

	public void setToken(String token) {
		this.token = token;
	}

	public String getRandom() {
		return random;
	}

	public void setRandom(String random) {
		this.random = random;
	}

	public String getSign() {
		return sign;
	}

	public void setSign(String sign) {
		this.sign = sign;
	}

	public String getUid() {
		return uid;
	}

	public void setUid(String uid) {
		this.uid = uid;
	}

	public String getTicket() {
		return ticket;
	}

	public void setTicket(String ticket) {
		this.ticket = ticket;
	}
	
}
